Nick: T, last week, a hacker tried to break into your crypto accounts and steal your funds. Can you tell us what happened?

Teeka: Yes, I was the victim of a hack—and it was a fairly sophisticated one.

Now, this type of hack has happened to friends of mine before… Somebody calls your phone company pretending to be you. Then, they port your phone number to another phone…

Once they do that, they can use the new phone to reset the passwords on any email accounts you have on the old phone. And when they have access to your email accounts, they can reset your crypto account passwords and attack your crypto funds.

With my cell phone service, I have a special code that you must use if you want to make any changes to my phone. But apparently what happened—and this is what my phone company told me—is that somebody called them and impersonated me.

They didn’t have the code, but they had my Social Security number. And I’ve told my company, “Don’t let anybody make any changes unless they have that code.”

But they ignored my request. And since this person had the last four digits of my Social Security number, they were able to port my number.

Teeka: Look, there’s no such thing as digital privacy. It’s just a fact of the world we live in today. If someone has $20 worth of Monero [an anonymous digital currency] and a Tor web browser, they can access the dark web and get just about anybody’s Social Security number.

Social Security numbers aren’t safe. They’re not secure. You have to assume your Social Security number is known. And clearly, this person knew mine.

And my phone company didn’t do what I told them to do, so the hacker was able to port my phone number.

Nick: Did they get into any of your crypto accounts?

Teeka: They managed to get into a few of my crypto accounts—but weren’t able to pierce some of the others.

I have two-factor authentication on all my accounts that aren’t directly tied to my phone. And I don’t know yet how they were able to overcome that security feature with some of my accounts. I’m still trying to figure that out.

But the thing is—regardless of how good you think your security is—there will always be somebody who can get around it. So if they do get around your defenses, you want to make sure there’s nothing there for them to take.

Had I kept my coins on exchanges, this would be a very different interview…

Teeka: The beauty about cryptocurrency is that you can control your digital assets.

Each crypto account comes with a “private key.” Private keys allow you to send and access your crypto holdings. So it’s important you maintain possession of them.

As long as you have custody of your private keys, no one can access your digital assets. So you have to protect them.

Nick: What steps can people take to secure their crypto funds?

Teeka: It bears repeating: Don’t keep your crypto funds on exchanges. Move them to a digital or hardware wallet in which you have control of the private keys.

Also, don’t store your private keys on the internet. Don’t store them in your iCloud, your Evernote, or your Microsoft OneDrive accounts. Those were the first places where this hacker went hunting for my crypto keys.

You can write your passwords and private keys in a physical form and then store the documents in a bank, safety deposit box, or safe in your house. And you can keep another digital copy on an encrypted flash drive.

If you store physical and digital copies offline, then they’re unhackable.

Sure, anybody can go rob a bank and rip open your safety deposit box to get at your documents. But what do you think is more likely to happen? Someone breaking into a bank to get your private keys… or someone hacking into your computer to get them?

Teeka: When you set up on online accounts, use an email address that’s not tied to your phone in any way. If you can’t do that, then use a recovery email not tied to your phone.

And if your financial institution or cryptocurrency exchange wants a phone number, then it might be worth getting a second phone—like a prepaid one that isn’t tied to your name. The phone number shouldn’t be listed anywhere. It shouldn’t be linked to you in any way, shape, or form.

This way, you’ll be able to use that phone for your two-factor authentication if you want to. Or if you want to use Google authenticator on that phone, you can use that as a contact number. It should be a phone that’s completely separate from your identity.

Nick: That seems like a lot of work.

Teeka: Yes, it’s a bit of a pain in the neck to custody your own coins. But while it’s not super easy, it’s not rocket science, either.

The alternative to spending just a few extra minutes to make some backup copies of your passwords and keys—and to move your coins off exchanges into your wallet—is getting hacked, having an exchange go out of business, or having somebody in an exchange steal your money.

There’s no FDIC in the crypto game, so your funds aren’t insured like the money in your bank account is. There might be crypto insurance at some point, but not yet—which means you’re on your own. So please take that to heart.

Moving forward, I’m going to be honest with myself and examine the weakness that got exploited. For me, it was having recovery email addresses and recovery phone numbers linked to the phone that I use all the time.

It’s the same phone number I’ve had for 20 years. Almost everybody knows what my phone number is. It’s not hard to find. Clearly, I’m not using that phone number anymore, which is a bummer since I’ve had it for a long time.

But what I can tell you is that it’s a huge pain in the neck once your identity’s been compromised. You have to make a lot of changes, and it’s not fun.

Unfortunately, we’re in the crypto world… and in a crypto world, it can be a little lawless.

Again, the good news of the story is that I didn’t keep any coins on exchanges. My coins are safe. So I would strongly urge you to do the same and keep your coins safe. Self-custody them and think about the idea of having a phone that’s separate from your name and your identity.

Nick: It’s unfortunate you had to go through this ordeal, T. But I’m glad you didn’t lose any of your crypto funds. As always, thanks for the advice.

Teeka: You’re welcome.

Nick’s Note: If Teeka’s story has helped you in any way, please let us know right here…

COMPANY

POLICIES

JOIN OUR DAILY NEWSLETTER

Reading The Palm Beach Daily will help you grow your bottom line and live a happier life in just
three minutes a day.

All rights reserved. You may not republish, upload, post, transmit or otherwise distribute any Palm Beach Research Group content to online bulletin and message boards, blogs, chat rooms, intranets, or in other any manner,
without our prior written authorization. Any modification or use of the content for purposes other than your personal, noncommercial use is a violation of our copyright and proprietary rights, and may subject you to legal liability and result
in the cancellation of your services.

Information contained herein is obtained from sources believed to be reliable, but its accuracy cannot be guaranteed. It is not designed to meet your personal situation – we are not financial advisors nor do we give personalized advice. The opinions
expressed herein are those of the publisher and are subject to change without notice. It may become outdated and there is no obligation to update any such information.

Recommendations in Palm Beach Research Group publications should be made only after consulting with your advisor and only after reviewing the prospectus or financial statements of the company in question. You shouldn't make any decision based
solely on what you read here.

Palm Beach Research Group writers and publications do not take compensation in any form for covering those securities or commodities.

Palm Beach Research Group expressly forbids its writers from owning or having an interest in any security that they recommend to their readers. Furthermore, all other employees and agents of Palm Beach Research Group and its affiliate companies
must wait 24 hours before following an initial recommendation published on the Internet, or 72 hours after a printed publication is mailed.

Palm Beach Research Group welcomes comments or suggestions here. This address is for feedback only. For questions about your account, or to speak with customer service, call 888-501-2598
(U.S.) Monday-Friday, 9 a.m.-7 p.m. ET, or e-mail us here. We look forward to your feedback and questions. However, the law prohibits us from giving individual and personal investment
advice. We are unable to respond to e-mails and phone calls requesting that type of information.